Infosec Analogies from the Bee Hive – Beekeepers and CSOs – Part 2

I often get asked if I’ve been stung by my bees. I’m pleased to say that so far the answer is no, and that’s in no small part to the “full body armour” beekeeping suit and wellies that I wear to keep the little guys at a suitable distance from me.

We tend to check on our hives in pairs and, like the buddy system when scuba diving, do a quick equipment check on each other to make sure that our suits are properly zipped up before getting too close to the action. You be surprised how often you think the zips are fully closed when actually they can be gaping by a good few inches leaving a perfect entry point for any inquisitive bee to pop inside to “say hello”.

A professional beekeeper told me that when a bee does get into your suit they often don’t tend to sting you straight away. They wait until a few more of their comrades have found their way in and then attack together!

So what’s all this got to do with Information Security I hear you ask? Well,think of the suit as your perimeter defences, and the zips as your firewall(s). Your defences will likely protect you from most forms of attack by the “average” hacker. However, your defences are not impenetrable. Eventually someone will make it to the inside,perhaps through a configuration error, a “hole” in your firewall perhaps. Once inside the clever ones might be hard to spot initially as they search around until, inevitably, they decide to attack.

Make sure you are planning for your own (data) breach, not for IF it happens but for WHEN it happens, and are ready to quickly respond with your remediation plans.